habsi/authentik
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

crypto: update fingerprint at same time as certificate (#10036)

Browse Source 
Previously the fingerprint was only set when initially adding a key, if it
changed for any reason (like a renewed certificate) then every execution of
`Get` would lead to a full update. The certificate itself got cached, but the
fingerprint remained stale for next time.

This increased the chance of a fatal race during the cache update.

closes #9907
This commit is contained in:
Tim Northover
2024-06-10 12:16:35 +01:00
committed by GitHub
parent 041e407153
commit 4f40b1e27c
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
internal/outpost/ak/crypto.go
View File

@ -38,7 +38,6 @@ func (cs *CryptoStore) AddKeypair(uuid string) error {
if err != nil { if err != nil {
return err return err
} }
cs.fingerprints[uuid] = cs.getFingerprint(uuid)
return nil return nil
} }
@ -73,6 +72,7 @@ func (cs *CryptoStore) Fetch(uuid string) error {
return err return err
} }
cs.certificates[uuid] = &x509cert cs.certificates[uuid] = &x509cert
cs.fingerprints[uuid] = cfp
return nil return nil
} }